Zhijie Shen created YARN-2798:
---------------------------------
Summary: YarnClient doesn't need to translate Kerberos name of
timeline DT renewer
Key: YARN-2798
URL: https://issues.apache.org/jira/browse/YARN-2798
Project: Hadoop YARN
Issue Type: Bug
Reporter: Zhijie Shen
Assignee: Zhijie Shen
Priority: Blocker
Now YarnClient will automatically get a timeline DT when submitting an app in a
secure mode. It will try to parse the yarn-site.xml/core-site.xml to get the RM
daemon operating system user. However, the RM principal and auth_to_local may
not be properly presented to the client, and the client cannot translate the
principal to the daemon user properly. On the other hand,
AbstractDelegationTokenIdentifier will do this translation when create the
token. However, since the client has already translated the full principal into
a short user name (which may not be correct), the server can no longer apply
the translation any more, where RM principal and auth_to_local are always
correct.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
